When I then try to add an exception, after some seconds it tells me: "Valid certificate: This site provides valid, certified identification. There is no need to add an exception". And the "Confirm Security Exception" button stays greyed out.

Now I am stuck .... :-(

Thanks in advance

I have a SSL web-server xxx.yyy with a valid certificate that is signed by a CA known to Firefox.
When I access "https://xxx.yyy" everything is fine. When I access "https://xxx.yyy/some_page", I get the "This Connection is Untrusted" dialog, which tells me:
#####
Technical Details
xxx.yyy uses an invalid security certificate.
The certificate is only valid for @subject_cn@
(Error code: ssl_error_bad_cert_domain)
#####
When I then try to add an exception, after some seconds it tells me: "Valid certificate: This site provides valid, certified identification. There is no need to add an exception". And the "Confirm Security Exception" button stays greyed out.
Now I am stuck .... :-(
Thanks in advance

Question owner

I am suspecting the "@subject_cn@" wants to tell me something. Why doesn't it show the CN of the certificate (xxx.yyy)?

Just some more info: the SSL server is on a different network, behind a Socks5 proxy (firefox) configured to do DNS lookups. Maybe this is related...

I am suspecting the "@subject_cn@" wants to tell me something. Why doesn't it show the CN of the certificate (xxx.yyy)?
Just some more info: the SSL server is on a different network, behind a Socks5 proxy (firefox) configured to do DNS lookups. Maybe this is related...

Some more info. The proxy configuration is not the problem. It might be that the certificate has a problem after all.
When inspecting the certificate with openssl, it shows;
> X509v3 Subject Alternative Name:
> DNS:@subject_cn@, email:user@zzz.yyy
Is that a syntax recognized by firefox? Is that valid at all?